Total
314277 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11586 | 2025-10-14 | 8.8 High | ||
| A vulnerability was determined in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/setNotUpgrade. This manipulation of the argument newVersion causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-60378 | 2025-10-14 | 8.1 High | ||
| Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business email compromise. Automated recurring invoices and messaging amplify the risk by distributing malicious content to multiple recipients. | ||||
| CVE-2025-9549 | 2025-10-14 | N/A | ||
| Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing.This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1. | ||||
| CVE-2025-9551 | 2025-10-14 | N/A | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0. | ||||
| CVE-2025-9553 | 2025-10-14 | N/A | ||
| Vulnerability in Drupal API Key manager.This issue affects API Key manager: *.*. | ||||
| CVE-2025-9552 | 2025-10-14 | N/A | ||
| Vulnerability in Drupal Synchronize composer.Json With Contrib Modules.This issue affects Synchronize composer.Json With Contrib Modules: *.*. | ||||
| CVE-2025-9554 | 2025-10-14 | N/A | ||
| Vulnerability in Drupal Owl Carousel 2.This issue affects Owl Carousel 2: *.*. | ||||
| CVE-2025-58277 | 2025-10-14 | 4 Medium | ||
| Permission verification bypass vulnerability in the Camera app. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-58282 | 2025-10-14 | 2.8 Low | ||
| Permission control vulnerability in the camera module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-58287 | 2025-10-14 | 7.8 High | ||
| Use After Free (UAF) vulnerability in the office service. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-58290 | 2025-10-14 | 3.3 Low | ||
| Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-58298 | 2025-10-14 | 7.3 High | ||
| Data processing error vulnerability in the package management module. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-58299 | 2025-10-14 | 8.4 High | ||
| Use After Free (UAF) vulnerability in the storage management module. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-58286 | 2025-10-14 | 3.3 Low | ||
| Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-58291 | 2025-10-14 | 3.3 Low | ||
| Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-58301 | 2025-10-14 | 6.2 Medium | ||
| Buffer overflow vulnerability in the device management module. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-8682 | 2025-10-14 | 4.3 Medium | ||
| The Newsup theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the newsup_admin_info_install_plugin() function in all versions up to, and including, 5.0.10. This makes it possible for unauthenticated attackers to install the ansar-import plugin. | ||||
| CVE-2025-58293 | 2025-10-14 | 5.5 Medium | ||
| Vulnerability of improper exception handling in the print module. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-11197 | 2025-10-14 | 6.4 Medium | ||
| The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-11254 | 2025-10-14 | 4.3 Medium | ||
| The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 27.0.3 via gallery submissions. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | ||||